Microsoft periodically releases software updates to fix reported problems. If you do not see your issue described in this article, review the list of software updates to see whether there is a software update that resolves your issue. To see the latest software updates, see Updates for SharePoint 2010 Products (http://go.microsoft.com/fwlink/p/?LinkId=160585).

<FarmAccount>, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm. The following services were found to use this account: User Profile Synchronization Service (Windows Service).

This message can be ignored. The User Profile Synchronization Service must run as the farm account.

When you create a profile synchronization connection for a directory service and you are not using Windows authentication, you must specify the authentication provider type and the authentication provider instance to use. The Authentication Provider Instance list should display all authentication providers that match the specified authentication provider type. If the list does not include the appropriate authentication provider, it could be because of one of the following reasons.

In addition to the Central Administration Web application, there must be at least one Web application that is configured to use the authentication provider. Create a Web application that uses the authentication provider and then try to create the profile synchronization connection. For more information about creating Web applications, see Create a Web application (SharePoint Server 2010).

Verify that the authentication provider is set up correctly, based on which of the following authentication methods you are using:

Forms-based authentication

The Web.Config file of the Central Administration Web site is one of the places wherein the membership information of the forms-based authentication providers is stored. SharePoint Server examines the Central Administration Web.Config file to determine the list of available authentication providers. Review your Central Administration Web.Config file to confirm that it has the correct membership provider and role manager settings. In particular, verify the following settings in the Web.Config file:

The port attribute specifies the port that is used to connect to the directory service. Confirm with your directory service administrator that you are using the correct port.

The userNameAttribute attribute specifies the name of the attribute in the directory service that serves as the unique identifier of each profile. Confirm with your directory service administrator that you are using the correct user name attribute.

When users access their My Site, their user account is associated with a corresponding user profile in SharePoint Server and the imported user profile data should be appear in their My Site. In claims-based Web applications, SharePoint Server uses the Claim User Identifier property (SPS-ClaimID) to match an authenticated user to the correct user profile. If the SPS-ClaimID is not mapped to the directory service attribute that you want to use as the user identifier, when a user is authenticated, he or she is not matched to the correct user profile and will not see the imported user profile data.

To resolve this issue, map the SPS-ClaimID property to the directory service attribute that uniquely identifies the user and then start a full profile synchronization. For example, if you are using a trusted identity provider for authentication that uses the e-mail address as the identity claim, map the SPS-ClaimID property to the mail attribute. For more information about mapping profile properties, see Map user profile properties in "Configure profile synchronization".

To resolve this issue, increase the appropriate profile synchronization time-out setting. For more information, see the Adjust profile synchronization time-outs section in the "Maintain profile synchronization" topic.

By default, the My Site Cleanup Job is enabled and runs hourly. When the My Site Cleanup job runs, it looks for all users who are marked for deletion and deletes their profiles. An e-mail message is also sent to the manager with a link to the deleted user’s site. The e-mail message contains a request to the manager to move any documents or data that the manager wants to preserve, because the site might be deleted in the future. Verify that the My Site Cleanup Job is active. For more information about timer jobs, see Manage timer jobs in "Timer Job Reference".

The My Site Cleanup Job requires that the User Profile Service application has a My Site Host configured. This is required even if you do not plan to use My Sites. If a My Site Host is not configured, the profiles marked for deletion will never be deleted by the My Site Cleanup Job. For more information about how to configure a My Site Host, see the To configure My Site settings for the User Profile Service Application section of the "Set Up My Sites" topic.

Sometimes the user profiles in SharePoint Server can include users that were not imported by using profile synchronization. This can occur, for example, if you upgraded from an earlier version of SharePoint Server and chose to only synchronize a subset of domains with SharePoint Server 2010. You can use Windows PowerShell to remove the obsolete users. For more information, see the Remove obsolete users and groups section of the "Maintain profile synchronization" topic.

User profile data is written to a directory service when you create an export mapping for a user profile property. If user profile properties are imported correctly but are not exported to the directory service, you can try the following:

Verify that the synchronization account has the necessary permissions. The synchronization account is the account that is used to access the directory service and synchronize profile information between SharePoint Server and the directory service. You specify this account when you create the synchronization connection. For certain directory services, additional permissions may be required to write data back to the directory service. Review the permissions information in the Grant account permissions section of the "Configure profile synchronization" topic.

If you changed the direction of a property mapping (that is, you deleted the import mapping and then added an export mapping), a full synchronization is required for properties to be exported to the directory service. For more information, see the Start the User Profile Synchronization service section in the "Configure profile synchronization" topic.

People search enables users to find other people in the organization. The imported user profiles must be crawled before people search can work correctly. The following issues can prevent people search from finding the imported user profiles:

The account that is used to crawl user profiles (that is, the crawl account) does not have permission to the User Profile Service application.

This issue occurs if the Microsoft SharePoint Server 2010 August 2010 Cumulative Update is installed after the User Profile Service application was created and the User Profile Synchronization service was started.

These errors should not affect the functionality of the profile synchronization feature, and can be ignored. If you want to eliminate these errors, you must delete and re-create the User Profile Service application. For more information about this issue, see http://support.microsoft.com/kb/2432041.